Where to Find Remote Desktop Connection?
Did you know remote access applications are one of the top avenues attackers use to gain access into merchant systems? In 2014, SecurityMetrics PCI forensic investigations found 80% of investigated merchants were attacked through insecure remote access.
So, why all the focus on remote access? It’s the easiest avenue for hackers to find and steal data. By using stolen remote access credentials, hackers can bypass difficult firewalls and more easily gain access to sensitive data.
Configuration is the culpritIt’s not necessarily the remote access application itself, but the way it’s configured that creates vulnerabilities.
What are we doing wrong with remote access?
Here are a few ways configuring your remote desktop connection incorrectly can make it vulnerable to cyber attacks:
Using default passwords
When a remote desktop connection is installed, it uses default passwords. Often these passwords will continue to be used even after installation because it’s easier for future maintenance and use. It’s definitely more convenient for users and vendors to not have to remember a new password, and it makes the work go faster.
Unfortunately, these passwords aren’t secure and can easily be used by attackers, making your whole software and data vulnerable. Most default passwords and settings are well known by hackers and are easily found via an Internet search. So having a password will do you no good if it’s not a secure one.
Having default usernames
Hackers want to find the easiest way to steal data. For them, an easy way is gaining credentials of remote access. By gaining the credentials, hackers can bypass firewalls. Which is easier, going up against a heavy duty firewall, or finding the password to slip by it?
Similar to the password dilemma, by not changing default usernames with security in mind, you’re leaving your remote access vulnerable to attacksRelying on third party providers
Many companies will often assume the third party provider of their remote access will configure the application properly. They may also feel the third party provider will be at fault should a breach happen. Not so.
Even if your third-party provider fails to configure the application properly and a data breach happens, the merchant is at fault. Making sure the remote desktop connection has secure passwords and usernames is the merchant’s responsibility.
Keep your remote access secure!While remote access is one of the top avenue for hackers to steal data, there are ways to secure it. Here are some tips to make sure your remote desktop connection is secured properly:
- This is a PCI requirement. You must use a combination of three things to provide authentication: something you know, something you have, or something you are.
- Keep firewalls updated: this helps ensure adequate internal and external protection.
- Store and monitor logs: monitoring log activity can help find suspicious activity, like someone logging in at 3 am over 100 times.
- these scans can help you find and fix internal and external vulnerabilities.
- Don’t allow guest accounts: guest accounts allow anonymous computer and system access.
- Limit login attempts: set the application to lock out the user if they try to login after a number of failed attempts.
- Use limited access: only provide remote access to those who need it. It keeps credentials from falling in the wrong hands.
- make sure everyone knows the procedures with remote access so employees aren’t accidentally giving credentials to unauthorized users.